[SOLVED] Let'sEncrypt on Kubernetes

emon_lq · 10-02-2019, 06:21 AM

Hi everyone

I am trying to setup Let'sEncrypt on our on-premise Kubernetes cluster.

Although I am new to SSL certificates & Let'sEncrypt

I have been gathering basic understanding of the following :-

Private/Public key pairs
Certificate Authority
Certificate Signing Requests.
X.509 Certificate types
Domain Validated certificates (DV)
Organization Validated certificate (OV)
Extended Validation certificates (EV)
Using opessl to manipulate/create files like CRT CER KEY (PEM DER)

I have come across a lot of step by step guides on how to deploy cert-manager

What I can't understand Is how they never submit a CSR and pass the validation challenge from Let'sEncrypt??!!

Their deployment just works!!

I have never used Let'sEncrypt, but I have wildcard certificate for my domain from a different RootCA; do I not have to submit CSR to Let'sEncrypt??

Is there something that I am not getting/misunderstanding??

Thanks in advance
Emon

berndbausch · 10-02-2019, 11:51 PM

It's done automatically:

Quote:

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.

(my highlighting)

emon_lq · 10-14-2019, 01:41 AM

Quote:

Originally Posted by berndbausch

It's done automatically:

(my highlighting)

Hi berndbausch

Sorry for the late reply.

After further studying I realized that I was misunderstanding a key concept.

I need to have an actual domain name pointing to my IP!!

This is so embarrassing..,
I can't believe I actually missed that!

Anyways
Thanks Guys